VDB
RHSA-2026%3A0338
RHSA-2026%3A0338
PUBLISHED
CVSS 7.5 HIGH
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer() processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying writer pipe to close. In affected versions, this leaves the Writer interface unusable and can disrupt logging functionality, potentially degrading application availability.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-node-exporter-rhel9@sha256:54a0f85781a25d05c9e0d045d4787a0bd2873e4d4e1ca222f8f61ceebfa258f0_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-prometheus-node-exporter-rhel9@sha256:54a0f85781a25d05c9e0d045d4787a0bd2873e4d4e1ca222f8f61ceebfa258f0_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-monitoring-plugin-rhel9@sha256:7f9e48b6a06e6e2e1543e96e5749cf243ea8535ebb3386e16938badf34070617_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-monitoring-plugin-rhel9@sha256:7f9e48b6a06e6e2e1543e96e5749cf243ea8535ebb3386e16938badf34070617_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-installer-rhel9@sha256:edba2471c3183bd561f07676981f4065ec478de4c07e8cb53b9b04b6cf1627a6_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-installer-rhel9@sha256:edba2471c3183bd561f07676981f4065ec478de4c07e8cb53b9b04b6cf1627a6_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-rhel9-operator@sha256:e9227cdec2d9def144d32ca098d70b93b72b77a3ed0c059a6045eb417d195583_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/ose-baremetal-rhel9-operator@sha256:e9227cdec2d9def144d32ca098d70b93b72b77a3ed0c059a6045eb417d195583_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-container-networking-plugins-rhel9@sha256:72c13df0b819ab4b0e60eb40d636c34e72918760c6e635a39fd847d6b0f9b30d_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/ose-container-networking-plugins-rhel9@sha256:72c13df0b819ab4b0e60eb40d636c34e72918760c6e635a39fd847d6b0f9b30d_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-machine-api-provider-aws-rhel9@sha256:e2fac36d1432b3667e9943318d2ea43a3c3f1c3809d51bccc0124debff692330_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-networking-console-plugin-rhel9@sha256:fb966ed23952aae325c83dee819bdc4be0186f7273d340995425615a9bf35630_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-networking-console-plugin-rhel9@sha256:fb966ed23952aae325c83dee819bdc4be0186f7273d340995425615a9bf35630_arm64, * |
| Red Hat | registry.redhat.io/openshift4/ose-cloud-credential-rhel9-operator@sha256:18316aa9283ec448ea3c48555a0b11c6b14de88f4ba5b80e1deb56257ec9e460_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cloud-credential-rhel9-operator@sha256:18316aa9283ec448ea3c48555a0b11c6b14de88f4ba5b80e1deb56257ec9e460_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:9a287a7fa8900e43258e22eb9f3ec76d03c89863c9a01b704a77ea0c131b80c1_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel9@sha256:9a287a7fa8900e43258e22eb9f3ec76d03c89863c9a01b704a77ea0c131b80c1_s390x, * |
| Red Hat | registry.redhat.io/openshift4/ose-baremetal-rhel9-operator@sha256:2209f67bb5ed6c488d30904344a1bb7dc10cd8f8c2121ec909fef78e96f377fa_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-configmap-reloader-rhel9@sha256:1c491aad7a531156021131952391eeb76df882d2fe6a75d494a7fa9101d374a4_s390x as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/ose-configmap-reloader-rhel9@sha256:1c491aad7a531156021131952391eeb76df882d2fe6a75d494a7fa9101d374a4_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-agent-installer-csr-approver-rhel9@sha256:f79ee8ce68af5ad3a67e1c9b47f1326bf18ec4681e0c176cd42638fe324ddb11_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-olm-rhel9-operator@sha256:0dd3eb0518045a216c8af1ff762a1f949b2d99ce1a1b784ca5fd25b0ce8c78da_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:4008f600f3161e71129cc01bfbf6c5d8a3fd27822047f1dadfe346e684dc3166_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | *, registry.redhat.io/openshift4/ose-kubevirt-cloud-controller-manager-rhel9@sha256:4008f600f3161e71129cc01bfbf6c5d8a3fd27822047f1dadfe346e684dc3166_amd64 |
| Red Hat | registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:9267b216d9419f8d920d2f740d0d3209b38a8d5b8966c4efd590b0f5d556d182_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/kubevirt-csi-driver-rhel9@sha256:9267b216d9419f8d920d2f740d0d3209b38a8d5b8966c4efd590b0f5d556d182_ppc64le, * |
| Red Hat | registry.redhat.io/openshift4/ose-networking-console-plugin-rhel9@sha256:539d3fe1bc1ae12161c29a14b50734f137d1cdca0ac3e3d9ec5e3e97168516cf_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-operator-marketplace-rhel9@sha256:1bf326595f9a389789409f853851c1688019b89e958b7b9320c2c356d7a5aa2b_amd64 as a component of Red Hat OpenShift Container Platform 4.18 | * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-etcd-rhel9-operator@sha256:b73f66ec870fc0f7d8f5d86a4aa2fce493fd06db8525b71515402a5085ac3bec_ppc64le as a component of Red Hat OpenShift Container Platform 4.18 | *, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-control-plane-machine-set-rhel9-operator@sha256:0310e0ac82ab9af6b3a919db3765e7454b76eb16b475a9babec1faf5a7e3389c_arm64 as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/ose-cluster-control-plane-machine-set-rhel9-operator@sha256:0310e0ac82ab9af6b3a919db3765e7454b76eb16b475a9babec1faf5a7e3389c_arm64, * |
| Red Hat | registry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:05c30513e43c817c9c59a233679aece6d03f46be150f860c2c8eeb4ec661c296_s390x as a component of Red Hat OpenShift Container Platform 4.18 | registry.redhat.io/openshift4/azure-kms-encryption-provider-rhel9@sha256:05c30513e43c817c9c59a233679aece6d03f46be150f860c2c8eeb4ec661c296_s390x |
…and 1296 more
Timeline
- Jan 14, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:0338 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0338.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md exploit
- https://github.com/sirupsen/logrus/issues/1370 advisory
- https://github.com/sirupsen/logrus/pull/1376 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 advisory